118 matches found
Osclass 3.4.2 Local File Inclusion
-------------------------------------------------------------- Osclass getRoutes; 228. $rid = Params::getParam'route'; 229. $file = '../'; 230. ifisset$routes$rid && isset$routes$rid'file' 231. $file = $routes$rid'file'; 232. 233. else 234. // DEPRECATED: Disclosed path in URL is deprecated, use...
Osclass 3.4.2 Shell Upload
--------------------------------------------------------------------- Osclass redirectTo osccontacturl ; 107. 108. 109. if !moveuploadedfile$tmpName, $path 110. unset$path; 111. 112. 113. The vulnerability exists because of the "CWebContact::doModel" method not properly verifying the extension of...
Osclass 3.4.2 SQL Injection
------------------------------------------------------------------- Osclass = 3.4.2 Search::setJsonAlert SQL Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://osclass.org/ - Affected Versions: Version 3.4.2 and probably prior...
CVE-2014-6308
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php...
CVE-2014-6280
Multiple cross-site scripting XSS vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 action or 2 nsextt parameter to oc-admin/index.php or the 3 nsextt parameter in an itemsreported action to oc-admin/index.php...
Directory traversal
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 action or 2 nsextt parameter to oc-admin/index.php or the 3 nsextt parameter in an itemsreported action to oc-admin/index.php...
CVE-2014-6308
OSClass before 3.4.2 is affected by a directory traversal/LFI via .. in the file parameter of oc-admin/index.php (render action), allowing reading arbitrary server files. Affected: 3.4.1 and earlier; fixed in 3.4.2 ( Netsparker NS-14-031; PoC shows /oc-admin/index.php?page=appearance&action=rende...
CVE-2014-6308
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php...
CVE-2014-6280
Multiple cross-site scripting XSS vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 action or 2 nsextt parameter to oc-admin/index.php or the 3 nsextt parameter in an itemsreported action to oc-admin/index.php...
CVE-2014-6280
CVE-2014-6280 affects OsClass prior to 3.4.2, with multiple XSS vulnerabilities that can be triggered via oc-admin/index.php by manipulating parameters (action, nsextt) and within items_reported action when using nsextt. The vulnerability arises in OsClass before 3.4.2, allowing remote attackers ...
Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280
Information ------------ Advisory by Netsparker. Name: XSS Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Cross-site Scripting Severity : Critical CVE-ID: CVE-2014-6280 Netsparker Advisory...
Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308
Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity : Critical CVE-ID: CVE-2014-6308 Netsparker Advisory...
OsClass 3.4.1 (index.php, file param) - Local File Inclusion
No description provided by source...
OsClass 3.4.1 (index.php, file param) - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severit...
OSClass 3.4.1 - index.php Local File Inclusion
OSClass 3.4.1 - index.php Local File Inclusion Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity :...
OSClass 3.4.1 - 'index.php' Local File Inclusion
Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity : Critical CVE-ID: CVE-2014-6308 Netsparker Advisory...
OsClass 3.4.1 Cross Site Scripting
Information ------------ Advisory by Netsparker. Name: XSS Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Cross-site Scripting Severity : Critical CVE-ID: CVE-2014-6280 Netsparker Advisory...
OsClass 3.4.1 Local File Inclusion
Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity : Critical CVE-ID: CVE-2014-6308 Netsparker Advisory...
Osclass 3.3 Cross Site Request Forgery / SQL Injection / Traversal
=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah The Mercifull-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Vendor: http://osclass.org + Software:Osclass + Version : 3.3 author: R3d-D3v!L + TEAM: ABH ? contact: Xathotmail.co.jp - ? Date: 14.d3c.2ol3 ? T!ME: 04:54 am GMT ? Home: soon ^ ?...